Just went over to check RATtrap website, I’d say they are more likely the culprit than PureOS. Either of their hardware or software have Google/Apple fingerprints all over it. Obviously, RATtrap is in collaboration with those data sniffers, they’re not an independent company since you could see their programs can be downloaded thru Google Play and Apple Store which is saying a lot.